With the new AdSense terms & conditions changes made last week, one of the requirements is that all publishers have a posted privacy policy in place that advises visitors specifically about cookies and web beacons. Here is an AdSense-friendly version of a privacy policy that JenSense readers are welcome to use on their own sites. Obviously, replace ___.com with your own website name and/or URL. And you may need to tailor bits of it to suit your site – if your site targets a specific country, you can change the ISP and city examples with ones in your own country.

Privacy Policy for ____.com

The privacy of our visitors to ____.com is important to us.

At _____.com, we recognize that privacy of your personal information is important. Here is information on what types of personal information we receive and collect when you use and visit _____.com, and how we safeguard your information. We never sell your personal information to third parties.

Log Files
As with most other websites, we collect and use the data contained in log files. The information in the log files include your IP (internet protocol) address, your ISP (internet service provider, such as AOL or Shaw Cable), the browser you used to visit our site (such as Internet Explorer or Firefox), the time you visited our site and which pages you visited throughout our site.

Cookies and Web Beacons
We do use cookies to store information, such as your personal preferences when you visit our site. This could include only showing you a popup once in your visit, or the ability to login to some of our features, such as forums.

We also use third party advertisements on ____.com to support our site. Some of these advertisers may use technology such as cookies and web beacons when they advertise on our site, which will also send these advertisers (such as Google through the Google AdSense program) information including your IP address, your ISP , the browser you used to visit our site, and in some cases, whether you have Flash installed. This is generally used for geotargeting purposes (showing New York real estate ads to someone in New York, for example) or showing certain ads based on specific sites visited (such as showing cooking ads to someone who frequents cooking sites).

You can chose to disable or selectively turn off our cookies or third-party cookies in your browser settings, or by managing preferences in programs such as Norton Internet Security. However, this can affect how you are able to interact with our site as well as other websites. This could include the inability to login to services or programs, such as logging into forums or accounts.

Don’t forget you now need to have a privacy policy on all your AdSense sites, this isn’t something that is optional, and when you agreed to the new terms, you agreed to do this too. I don’t know how strict they will be policing this new change to the terms, but it is always better to be safe than sorry when it comes to protecting your AdSense account. You don’t want a black mark against your account because you haven’t done this, I will be making the changes to all mine this week.

Update March 2009 – If you are looking for a new privacy policy to cover the new interest based targeting, I will have a new one up in the next few days

Don’t forget to subscribe to the JenSense feed for more great tips this month.

We use Google AdSense cookies and/or web beacons are used to collect data in the ad serving process. You can remove the Google Adsense cookie by clearing the private data in your browser and changing your browser privacy settings to refuse all cookies or to indicate when a cookie is being sent.

Jennifer, thanks for putting this on your site, small question though, yes it has to go on all sites showing adsense but could that be on the home page only or should it be on all pages which show adsense units?

Secondly I thought about doing a link from all my sites/pages to one single document which will be easy to change later if needs be.

I’d use a no-follow tag so that the search engines didn’t suddenly see all of my 20 sites link to a page which I’m frankly not sure where I’d locate.

The document would read “This is the Privacy Policy of the xxxx group of websites, one of which you just came from” etc…etc… and then somewhere close to that top line “please use your browsers back button to return to the previous page”

Maria – for all intents and purposes, it needs to be implemented as soon as you agree to the new terms. However, I am sure publishers have a couple of weeks as a grace period to do it.

Tony – it doesn’t say specifically if it is a site-wide or homepage only option. But adding links to a privacy follow shouldn’t hurt anything at all, unless you maybe decide to add some mesothelioma keywords on your privacy policy page too! But I would be inclined to do it on each individual website, and not just one URL for a whole network, because there could be network crosslinking issues, depending on how you have it set up.

As I understand, we must accept the conditions by May 28, 2008.
Jen, thank you for the guidelines and the permission to use your (appropriately changed) policy.
Jen, what do you think, should this policy be posted as a regular post and under a newly created category, or should a new page be created just for this?

But if a blog is hosted by a third party who provides the log stats, I don’t read the new Google privacy page as requiring that you disclose that you have access to whatever the host provides in the log.

I am just a lawyer so I am probably wrong. But what do you see in the new policy that requires a disclosure of the ability to access the log?

Michael – I would say that you still need it, as it is not just about logs, but also cookies and web beacons that Google gives to visitors of your site. As far as logs go, if you have any kind of analytics tool, or if your host provides you with any kind of stats (such as Webalizer or AWStats etc) that includes information in the logs, just not in the raw log text format.

Lana, for blogs, I would make a new page and then just link to it from your footer, that way people (including the Google checkers) can easily find it.

Jena first time to your site thanks to a link from another site. I had previously read the policy changes. One thing I am unclear on is how a blogspot (Google blog) fits into taking responsibility for the privacy policy.

Our contract or agreement is with Google/Blogger.com because we are on their servers and we entered an agreement to place ads from their advertisers for revenue purposes.

The privacy policy (correct me if I am wrong) appears to relinquish Google and the advertisers from any and all responsibility should there be an issue with privacy invasion concerning visitors to our blogs, the end users—because they (Google’s Advertisers) place cookies.

We do not have control nor opportunity to choose advertisers as normal business websites would who have a first party legal agreement with their advertisers.

The language of the policy requires us to fulfill the public placement of the privacy policy for the end users with wording that clearly suggests we have such a relationship with the advertisers.

Google acknowledges me as an “Independent contractor” a business owner. But they have handed down the policy as if I am an employee governed by my Employer’s legal necessities.

Of course a choice to keep AdSense running on your site or not is given as you are logging in to your AdSense account and read the new TOS and Policy requirements.

For bloggers on Google Servers it would have been more appropriate for Google to integrate a viewing og the policy to the end user as they click on ads or make impressions on blog sites. They have a first person agreement with the advertisers we do not. They represent the advertisers to the blog publishers.

I am not saying I oppose instituting the policy. I’m 100% for it. My concern is that blog publishers unlike website owners who have control of the relationship and legal agreements they have with advertisers ie., Advertising departments and Attorneys are unprotected in all this.

Though it sounds as if this is a protective cushion for bloggers and it is, it also makes us solely responsible for all legal matters that could transpire about invasion of the end users privacy and who knows what else is lying layers deep should something go wrong.

So, though I am grateful for the updated TOS and policy I wonder what it is coming in the future for Blog publishers with Google blogs with such a legal layer being implemented. I’m sorry the comment is so long but its more question than comment and you seem to have a firm grip on the issue.

Thank you for sharing your expertise and the privacy policy language. I will be posting a link to your site if you don’t mind for others who may need it.

(I’m really tired, forgive me if I rambled. I can’t tell at this point.)

[…] run-down of the information about tracking and cookies that you need to disclose, along with a helpful privacy policy template. Please Digg, Stumble, bookmark or share this: These icons link to social bookmarking sites where […]

Vanessa – I don’t believe the intention is to screw bloggers, or anyone else for that matter. I think it is to keep the Google lawyers happy, so they are disclosing the Google cookies are being placed on sites using AdSense. Website owners are in the same position as bloggers if they use AdSense, being a blogger vs. website owner does not mean one gets to choose ads while the other doesn’t. It isn’t making those running AdSense on the site liable, it is simply having publishers disclose the cookies & web beacons if anyone ever wonders why they got a Google cookie from PublisherABC.com.

Basically, I think Google just wants to be able to say that they are disclosing the fact that web beacons and/or cookies could be used on third party sites (meaning all AdSense publisher sites).

The policy isn’t created to treat you as an employee… it is just part of being in the program, the same as how you agree that you won’t show ads on pr0n sites or agree you won’t contact the AdWords advertisers to have them advertise directly on your site and bypassing Google.

>> it would have been more appropriate for Google to integrate a viewing og the policy to the end user as they click on ads or make impressions on blog sites.

They wouldn’t do this as first, it would make for a very bad user experience for those visitors, and second, advertisers would be pretty upset about this kind of a change, especially when they pay for that initial click to go to the website and not a privacy policy page.

That said, I bet about 99.99999% of all web surfers never check the privacy policy on a general website they are surfing where they aren’t submitting personal information (such as an email address, birth date or phone number). And on sites where they are submitting personal info, I bet that number doesn’t change all that much either.

Long story short, this is a change so that if someone makes a fuss about “OMG, I was on ABCPublisherSite.com and I got a Google cookie!” it can be pointed out that ABCPublisherSite.com did actually point out that fact in the privacy policy. And the policy is identical whether you are on Google hosted Blogger or doing it yourself on a non-Google host.

Thanks for answering my concerns and I do understand this affects all Internet users who access the world wide web and all who use Google services.

My reference to websites is for example, sites like the NY Times or Martha Stewart who have blogs incorporated into their domain ownership and use AdSense with other advertising in certain parts of their domain. They of course have other options for advertising and Advertising depts etc.

I like the AdSense program. I think it is the best ad program that exists taking all things into account. Obviously multiplied thousands of website owners and bloggers think so too because a great majority use the AdSense program. The legalities are necessary. Its business not personal and that was my point. Some publishers are not going to deal with this in business terms and others will opt for a one sided view when we need to consider it from other perspectives as well.

I truly appreciate the time you’ve taken to flesh this out for us and to listen and respond to concerns. Glad I found your site. Thanks.

Jen; I looked at the google policy again. I remain of the view that the appropriate privacy policy need not make a reference to log files – unless the user can somehow take an action to avoid showing up in the log.

My sense is that google wants us to tell the consumer of our blogs how to protect their privacy re cookies and beacons.

But anyone who wants to surf by-passing the server logs can do so via proxies. There is no need to disclose this, in my opinion.

[…] having a mandatory privacy policy — something I admittedly glossed over. Jensense has a sample template that you can use (which I did). If you haven’t created one, go ahead and use this one, because Adsense now requires you to […]

[…] Thanks to Jen from Jensense, all my web-sites now have a privacy policy that complies with the new Google Adsense Terms and Conditions; however, if you’re responsible for multiple sites, implementing this policy could potentially take hours. Well today’s your lucky day because I took her basic policy and added some minor php tweeks to semi-automate the implementation process. This little bit of PHP wizardry drastically cut down on the amount of time I would have spent manually implementing the policy for each web-site. […]

[…] If you are making money with Google AdSense and in the last days you logged in you Google AdSense account, you should see that they are presenting you the new terms and conditions. Before accept the new terms and conditions, be sure to read all the guidelines. Now to use Google AdSense program and avoid to be banned you need to place in every page a link to a privacy policy page, to advices visitors specially about cookies and web beacons. If you are lazy like me, JenSense published a privacy policy sample (click here for the sample). […]

[…] you’d be in compliance with the new AdSense TOS. Honestly though, I used Jensense’s sample template to create with my own AdSense TOS-friendly Privacy Policy. The automatic Privacy Policy Generator was just too complicated for me to use. Jensense’s […]

[…] Slegg who is some kind of expert on Adsense. On her site JenSense.com she has so kindly created a cut and paste privacy policy for those of us lazy people to use. It took me less than 10 minutes to add the privacy policy to […]

Thanks for this, I accepted the terms and conditions without rally reding them and now I just realize everyone is talking about this but I didn’t have a clue of what to write!
I will “steal” yours and link to this post as soon as I have put it on my blogs.

I am now in the process of updating all of my GA sites and thank you for helping to make this a little easier to deal with. I had been in forum discussions with many users who agreed to the new GA TOS without knowing this had changed. I still have to completely read through what I agreed to myself and am thankful that I printed it out before agreeing to it. Anyway, just wanted to say THANKS!

I have been looking around trying to figure out if it is safe to put the no robots meta tag on the page that is your privacy policy. Obviously it doesn’t need to be fed PR and link juice, but at the same time Google needs to be able to find it. Any thoughts on this? Thanks.